Going on the Offense: How to Eliminate Internal Threats

Posted by Heather Howland on Jul 27, 2018 11:57:00 AM

Over the past few years, we’ve observed significant changes in the types of conversations we’re having with CISOs. What used to be discussions about how to keep bad guys out has evolved to how to manage and address internal threats. Internal threats come in a variety of shapes and sizes. It could be an attacker who has already gotten in and is waiting for the right moment to make a move. It could also be an insider threat. It could be a malicious insider looking to do harm to the organization. Or it could be employees who don’t mean any harm but may be doing things (knowingly or unknowingly) that could put an organization at risk.

With the perimeter all but dissolved, and as enterprises transition to the cloud, it’s becoming clear that identity, and where there are points of access, is the new perimeter. The challenge for many organizations is how to understand their posture around identity. This requires understanding who is doing what, when, and where, and understanding it across all applications and platforms on prem, in the cloud and in hybrid environments. Having a holistic view of identity--all users, privileges, access patterns and accounts--is becoming more critical in order to be more proactive, to have proper controls over accounts (privileged, user, service, and more), and to be able to protect accounts from compromise.

Topics: User Behavior, CISO, Insider Threats, User and Entity Behavior Analytics, ueba

Evolving Employee Security Measures from “Weak Link” to “Front Line Defense”

Posted by Ajit Sancheti on Dec 1, 2017 8:09:38 AM

It's easy to think that attackers have gained an unfair advantage over security professionals. The network perimeter has virtually dissolved, compelling enterprises to simultaneously work to keep the bad guys out while tackling multiple insider threats – naïve employees, malicious insiders, careless third parties, and undetected malware or intruders that have already breached network defenses.

The challenge for security teams today? Legitimate users and activities should not be impeded, but determining what activity to block and what to allow is not always easy.

Topics: User Behavior, Adaptive Response, Insider Threats, Credential Compromise, Information Security

Building Insider Threat Awareness into Security Awareness - Part 2

Posted by Preempt Guest Blogger on Jul 20, 2017 8:49:52 AM

In part 1 of the post on how Insider Threat Awareness is a vital component of Security Awareness, I talked about the different types of insider threats and some of the steps that security teams can do to protect themselves and educate employees.

This week I want to explore whether that is enough and some tips for how to approach introducing Insider Threat Awareness training in your organization.

To recap, at a high level here are some of the things security organizations can do:

Is this enough?

In a white paper (well worth reading in its entirety) about insider threats in nuclear security systems, the American Academy of Arts & Sciences (AMACAD) noted that there are deep organizational and cognitive biases that lead managers to downplay the threats insiders pose to their nuclear facilities and operations. Could insider threats be the elephant in the security room? Some of AMACAD’s findings are broadly applicable to many organizations and several may prompt you to re-evaluate your insider threat strategy:

  • Organizations that consider their staff to be part of a carefully screened elite can lead management to falsely assume that insider threats may exist in other institutions, but not in their organization.
  • The belief that personnel who have been through a background check will not pose an insider problem is remarkably widespread—a special case of the “not in my organization” fallacy. There are two reasons why this belief is mistaken. First, background checks are often not very effective. Second, even completely trustworthy employees may become insiders, especially if they are coerced.
  • High-security facilities typically have programs to monitor the behavior of employees for changes that might suggest a security issue. Security managers often assume that severe red flags warning of problems will not go unnoticed. But if individual incentive systems and information-sharing procedures encourage people not to report, even the reddest of red flags can be ignored.
  • Security-conscious organizations create rules and procedures to protect valuable assets. But such organizations also have other, often competing, goals: managers are often tempted to instruct employees to bend the security rules to increase productivity, meet a deadline, or avoid inconvenience.
  • Prevention of insider threats is a high priority, but leaders and operators should never succumb to the temptation to minimize emergency response and mitigation efforts in order to maintain the illusion that there is nothing to be afraid of. 

Insider threat awareness training

Insider threat awareness is a vital component of security awareness. The need for training and education is making news headlines: 

  • The deadline for Federal contractors to complete insider threat training programs prior to being granted access to classified information under a Department of Defense rule change passed on May 31. 
  • Harvard Business Review asserts that the best cyber security investment you can make is better training. C-level executives, board directors, shareholders, and other senior leaders must not only invest in training for their firm’s own employees but also consider how to evaluate and inform the outsiders upon whom their businesses rely — contractors, consultants, and vendors in their supply chains. Such third parties with access to company networks have enabled high-profile breaches, including Target and Home Depot, among others.

Topics: User Behavior, Insider Threats

How to Thwart an Attacker’s Attempt to Compromise Credentials and Move Around a Network

Posted by Vikas Arya on Jan 12, 2017 3:28:18 PM

In recent years, we have seen hospitals, insurance companies (Aetna), giant corporations (Sony), retailers (Home Depot and Target), and tech companies (Yahoo, LinkedIn, Dropbox) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats are a growing concern for organizations.

Topics: Insider Threats, Active Directory, Credential Compromise

How to Apply FBI Insider Threat Warning to IT Security

Posted by Heather Howland on Jan 6, 2017 4:15:27 PM

Last month, Special Agent Scott Mahloch, weapons of mass destruction coordinator for the Chicago division of the FBI, spoke at the Food Safety Consortium about how food companies can protect themselves against terrorism by identifying the insider threat and some of the FBI’s initiatives in this area. While the focus of his talk was around protecting the food supply from intentional contamination with chemical, biological, or radiological (CBR) agents, I found that much of the advice on guarding against these types of Insider Threats directly applies to cybersecurity and it would be interesting to share how these tips can be applied in IT security -- not only for food companies, but companies in general.

Topics: User Behavior, Insider Threats, ueba

The IT Security Flip: Insider Threats Capturing More Mindshare

Posted by Ajit Sancheti on Dec 9, 2016 10:56:17 AM

Every once in a while, a survey provides insights that at first glance don’t seem out of the ordinary. They generally validate a hypothesis. That is why we were somewhat surprised when we commissioned a survey of IT security professionals working in enterprises large and small.

Topics: CISO, Insider Threats

Study Finds Insider Threats Becoming More Concerning than External IT Security Threats

Posted by Heather Howland on Dec 1, 2016 6:09:40 AM

The macro trend for IT security professionals is shifting. The security risk of insider threats is real and has become of equal importance to organizations. Insider threats take many forms - from employees bending the rules to get their jobs done more efficiently, to unhappy employees with malicious intent, to workers who unintentionally install malware, and even 3rd party vendors or partners that don’t follow security policies.

Topics: CISO, Privileged Users, Insider Threats, Security Skills

Top 4 Security Themes from Financial CISOs - Insider Threat a Universal Priority

Posted by Ajit Sancheti on Oct 28, 2016 8:35:50 AM

This week, Preempt had the opportunity to participate in the annual FS-ISAC Fall Summit 2016 in Nashville, TN. FS-ISAC (which stands for Financial Services Information Sharing and Analysis Center) is the financial industry's go-to resource for cyber and physical threat intelligence analysis and sharing. The Fall Summit brought together over 700 C-level and Sr-level financial services professionals as well as Security executives across the globe to discuss the latest information on threats, sharing of best practices and trends across the sector.

Topics: CISO, Risk, Insider Threats

The “Crying Wolf” Rating and Other Security Investment Qualifiers

Posted by Steve Herrod on Oct 27, 2016 3:50:21 PM

There is a lot of noise in the cybersecurity space with every company trying to differentiate itself by claiming to be the “next big thing”, but so few have risen to the top. And the security market has changed a lot in the past couple years. As a venture capitalist, I often get asked about how I see the market changing and how we cut through the noise to find and fund companies that are doing something truly unique and innovative and that really solves customer problems.

Topics: CISO, Insider Threats, Security Skills, ueba

Finding Nirvana: Preventing Threats vs Disrupting Business

Posted by Boris Danilovich on Sep 15, 2016 11:41:29 AM

As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” As Enterprises continue to build out and reinforce their IT security strategy, a keen eye is being put toward “preventative” solutions. With the rise in insider threats and compromised credentials, this is no surprise.

Topics: Insider Threats, Security Skills, Multi-factor Authentication